Binary Planting Vulnerability in ASPECT Configuration Toolset by ABB
CVE-2024-13946
7.1 HIGH
What is CVE-2024-13946?
ABB's ASPECT configuration toolset loads dynamic link libraries (DLLs) that are not digitally signed, so nothing at load time distinguishes a legitimate DLL from one an attacker has placed in a location the loader searches. This exposes the toolset to binary planting during device commissioning: an attacker who can write a DLL into such a location can have it loaded and execute unauthorized code. Affected products are ASPECT-Enterprise, the NEXUS Series and the MATRIX Series, in the version ranges listed under Affected Version(s) (all releases up to and including 3.*). Users should apply the vendor's mitigations to secure their environments against exploitation.
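The two preconditions the description implies are an unsigned (or unverifiable) DLL and a load location that a low-privileged account can write to. The following PowerShell script is an added example, not code from ABB or from the advisory, that audits a commissioning workstation for both: it enumerates DLLs under an install directory, records their Authenticode status, and flags directories (including PATH entries, which end the DLL search order) that Everyone, Users or Authenticated Users can write to. The install path in `$InstallRoot` is a hypothetical placeholder, not a known ASPECT path; point it at the real installation.

```powershell
# Added example (not ABB's code): audit DLL signatures and plantable directories.
# $InstallRoot is an assumed, hypothetical path; replace it with the real install dir.
param(
    [string]$InstallRoot = "C:\Program Files\ASPECT"
)

# Principals whose write access makes a directory plantable by a standard user.
$lowPrivPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Rights that allow creating or replacing a file inside a directory.
$writeMask = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl

# True when any Allow ACE grants one of the low-privilege principals a write right.
function Test-LowPrivWritable {
    param([string]$Directory)
    $acl = Get-Acl -LiteralPath $Directory
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

# One record per DLL: signature status plus whether its directory is plantable.
$results = Get-ChildItem -LiteralPath $InstallRoot -Recurse -Filter *.dll -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path                 = $_.FullName
            SignatureStatus      = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            Signer               = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            DirWritableByLowPriv = Test-LowPrivWritable -Directory $_.DirectoryName
        }
    }

# A DLL that is not validly signed, or that lives in a low-privilege-writable
# directory, is the condition the advisory describes: a planted copy would load
# with nothing at load time to reject it.
$results |
    Where-Object { $_.SignatureStatus -ne 'Valid' -or $_.DirWritableByLowPriv } |
    Sort-Object DirWritableByLowPriv -Descending |
    Format-Table -AutoSize

# The DLL search order ends with the directories in PATH, so a writable PATH
# entry is also a planting location for any DLL the toolset loads by name only.
$env:Path -split ';' |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Where-Object { Test-LowPrivWritable -Directory $_ } |
    ForEach-Object { Write-Warning "Low-privilege writable PATH entry: $_" }
```

Run it from an elevated prompt so that `Get-Acl` can read every directory. A DLL showing `Valid` is only an inventory result, not a protection: the advisory's point is that the toolset does not check signatures when loading, so the actionable findings are the writable directories, which should be tightened to administrator-only write access until a fixed version is deployed.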
Affected Version(s)
ASPECT-Enterprise (Linux): versions 0 up to and including 3.*
MATRIX Series (Linux): versions 0 up to and including 3.*
NEXUS Series (Linux): versions 0 up to and including 3.*
CVSS v4
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None
Credit
ABB would like to thank Gjoko Krstikj of Zero Science Lab for reporting these vulnerabilities through responsible disclosure.